After the Gawker passwords were compromised, it might be a good idea to look at how you are storing your passwords. Consider:

A modern server can calculate the MD5 hash of about 330MB every second. If your users have passwords which are lowercase, alphanumeric, and 6 characters long, you can try every single possible password of that size in around 40 seconds.
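
The arithmetic behind that estimate, as an added example that is not part of the original post: it reproduces the 40-second figure by assuming 330MB/s means about 55 million 6-byte guesses per second, then measures MD5 against a slow salted KDF on the local machine. PBKDF2 from the standard library stands in for bcrypt, and the iteration count and function names are assumptions.

```python
import hashlib
import os
import string
import time

# Keyspace from the paragraph above: lowercase alphanumeric, 6 characters.
ALPHABET = string.ascii_lowercase + string.digits
LENGTH = 6
KEYSPACE = len(ALPHABET) ** LENGTH  # 36**6 candidates

SALT = os.urandom(16)   # per-user random salt (constructed here)
ITERATIONS = 100_000    # assumed work factor, tune to your hardware


def seconds_to_exhaust(keyspace, guesses_per_second):
    """Worst-case time to try every candidate at a given guess rate."""
    return keyspace / guesses_per_second


def fast_md5(password):
    return hashlib.md5(password).digest()


def slow_kdf(password):
    # PBKDF2-HMAC-SHA256 stands in for bcrypt (assumption: stdlib only).
    return hashlib.pbkdf2_hmac("sha256", password, SALT, ITERATIONS)


def measure_rate(hash_fn, samples):
    """Hash `samples` constructed 6-byte inputs; return hashes per second."""
    inputs = [b"%06d" % i for i in range(samples)]
    start = time.perf_counter()
    for candidate in inputs:
        hash_fn(candidate)
    return samples / (time.perf_counter() - start)


def compare(md5_samples=200_000, kdf_samples=5):
    """Estimated seconds to cover KEYSPACE on this machine, per scheme."""
    return {
        "md5": seconds_to_exhaust(KEYSPACE, measure_rate(fast_md5, md5_samples)),
        "kdf": seconds_to_exhaust(KEYSPACE, measure_rate(slow_kdf, kdf_samples)),
    }


if __name__ == "__main__":
    # The post's figure: 330MB/s over 6-byte candidates is ~55M guesses/s.
    print("post's estimate: %.0f s" % seconds_to_exhaust(KEYSPACE, 330e6 / LENGTH))
    for name, secs in compare().items():
        print("%s on this machine: %.3g s" % (name, secs))
```

The absolute numbers depend on the hardware; the ratio between the two schemes is what the work factor buys.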

To use bcrypt in Python, you will have to use a third-party library called Bcryptor. It has a simple enough API: